Changes to secret filtering:

Fixed greedy regex's which would eat much of configuration.
author: Nick Bailey <nbailey@shermanhoward.com> 2018-07-06 09:55:16 -0600
committer: ytti <saku@ytti.fi> 2018-07-07 12:11:19 +0300
commit: 0dec0790f6e41cbeaf76de8fed106f7e845cd176 (patch)
tree: 562da33d5264998ed7f89b43509f999df8fd7ddf /lib/oxidized/model/fortios.rb
parent: 55036037d9dac7b142813da8c3ff1370c31acbea (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/oxidized/model/fortios.rb b/lib/oxidized/model/fortios.rb
index 7269568..e9ccbc4 100644
--- a/lib/oxidized/model/fortios.rb
+++ b/lib/oxidized/model/fortios.rb
@@ -19,9 +19,9 @@ class FortiOS < Oxidized::Model
     cfg.gsub! /(set .*secret) .+/, '\\1 <configuration removed>'
     # A number of other statements also contains sensitive strings
     cfg.gsub! /(set (?:passwd|password|key|group-password|auth-password-l1|auth-password-l2|rsso|history0|history1)) .+/, '\\1 <configuration removed>'
-    cfg.gsub! /(set private-key).*-+END ENCRYPTED PRIVATE KEY-*"$/m, '\\1 <configuration removed>'
-    cfg.gsub! /(set ca ).*-+END CERTIFICATE-*"$/m, '\\1 <configuration removed>'
-    cfg.gsub! /(set csr ).*-+END CERTIFICATE REQUEST-*"$/m, '\\1 <configuration removed>'
+    cfg.gsub! /(set private-key ).*?-+END ENCRYPTED PRIVATE KEY-*"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set ca ).*?-+END CERTIFICATE-*"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set csr ).*?-+END CERTIFICATE REQUEST-*"$/m, '\\1<configuration removed>'
     cfg.gsub! /(Cluster uptime:).*/, '\\1 <stripped>'
     cfg
   end
author	Nick Bailey <nbailey@shermanhoward.com>	2018-07-06 09:55:16 -0600
committer	ytti <saku@ytti.fi>	2018-07-07 12:11:19 +0300
commit	0dec0790f6e41cbeaf76de8fed106f7e845cd176 (patch)
tree	562da33d5264998ed7f89b43509f999df8fd7ddf /lib/oxidized/model/fortios.rb
parent	55036037d9dac7b142813da8c3ff1370c31acbea (diff)